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April 29, 1985 


KjaA- 


Honorable William J. Casey 
Director 

Central Intelligence Agency 
Washington, DC 20505 


Dear Mr. Casey: 

The Information Security Oversight Office (ISOO) was established 
under Executive Order 12065 and continues to function under 
Executive Order 12356. Sections 5.2(b)(2) and (4) of the Order 
authorize the Director of iSOO to oversee agency actions to 
ensure compliance with the Order and its implementing directives 
and to conduct on-site reviews of the information security pro- 
grams of executive branch agencies that generate or handle clas- 
sified information. To comply with the Order's requirements, 
Harold Mason of ISOO' s staff conducted a review of the informa- 
tion security programs in the Office of Research and Development, 
Deputy Director for Science and Technology and the Intelligence 
Community Staff on February 26, 1985. 

Mr. Mason examined several aspects of the programs at the Central 
Intelligence Agency (CIA) including, among others, classifica- 
tion, safeguarding, and security education. The results of the 
inspection are contained in the enclosed report. Mr. Mason found 
the offices visited in the CIA to be in compliance with the 
Executive Order and implementing ISOO Directive No. 1. The 
report includes one recommendation which ISOO understands is in 
the process of being implemented. 

I appreciate the cooperation and support provided Mr. Mason 
during the course of his inspection. The personnel interviewed 
were cognizant of their responsibilities under the Order and 
appeared sincere in their desire to maintain an effective infor- 
mation security program. If you have any questions on the en- 
closed report, please do not hesitate to contact me. 

Sincerely, 



Director 

Enclosure 

cc: Anthony Frasketi 
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Report of Inspection by the 
Information Security Oversight Office of the 
Intelligence Community Staff and the 
Office of Research and Development, Deputy Director for 
Science and Technology, Central Intelligence Agency 


I. General 


On February 26, 1985, Harold Mason, Information Security 
Program Analyst, Information Security Oversight Office 
(ISOO), inspected the information security programs in the 
Intelligence Community Staff (ICS) and the Office of 
Research and Development (ORD) , Deputy Director for Science 
and Technology (DDS&T) , to determine their degree of 
compliance with Executive Order 12356 and ISOO implementing 
Directive No. 1. ISOO's inspection continued to concentrate 
on safeguard ing p rocedures, security education, and marking 
procedures. | Classification Officer, 

Information Management Branch, coordinated the visit with 
the CIA offices and accompanied Mr. Mason on the inspection. 

II. Findings 


A. Classification/Marking 

All documents reviewed by Mr. Mason were properly 
classified and portion marked. Classification actions 
taken in ORD are reviewed by a second party as a "check 
and balance" system, because it is imperative that all 
information be properly classified and marked. In his 
review of the offices, Mr. Mason did not observe an 
original classification decision. In ORD and ICS 
portion marking practices are excellent. ICS reports 
are generally a synthesis of information derived from 
meetings and source documents. Derivative 
classification decisions are usually based on the CIA 
classification guide. 

Sections 2001.20 through 2001.22 of ISOO implementing 
Directive No. 1 outline the proper procedures for the 
application of derivative classification markings 
whenever documents are classified derivatively on the 
basis of source documents or classification guides. 

Mr. Mason notgd a lack of consistency in some ICS 
documents. The following are examples of markings used 
on similar type ' reports : 

1. "Classified by: 

Declassify 

Derivatively classified by: " 
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2. "Derivatively classified by; 

Declassify: 

Derived by: 

Reports or studies produced by the ICS are often widely 
disseminated and used as a basis of further derivative 
classification. It is important that the markings be 
consistent. The staff seemed most anxious to resolve 
this problem. Mr. Mason provided them with an ISOO 
produced "Marking" handbook, and training sessions will 
be scheduled utilizing an ISOO produced slide/tape 
presentation on marking procedures. 

B. Safeguarding 

The protection of national security information, 
sources, and methods is an ongoing program. No 
deficiencies were detected in any of the areas visited. 

C. Security Education 

The areas visited do not have individual training 
programs. Most of the training is provided by the 
Office of Training. Individuals are provided any 
additional training needed and attend various training 
courses. 

III. Conclusion 

The Office of Research and Developnent and the Intelligence 
Community Staff are in compliance with Executive Order 12356 
and the ISOO implementing Directive. Implementation of 
ISOO's recommendation will further enhance the information 
security program of the ICS. 

IV. Recommendation 

Provide ICS personnel with additional training on marking 
procedures. 


Sanitized Copy Approved for Release 2010/02/22 : CIA-RDP87M00220R000200250014-8 


